Spam Filter ISP Support - Sending mail thru SPF

Sending mail thru SPF

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6153
Printed Date: 15 December 2025 at 10:02pm

Topic: Sending mail thru SPF

Posted By: ebzed
Subject: Sending mail thru SPF
Date Posted: 23 July 2007 at 4:43am

Hello Everyone,
We enabled lately IMAP access to our mail servers, Everything works
quite perfect on the IMAP side, but when people are sending mails
from the mobile device, SPF rejects them with 557 error message.

The account they are using is whitelisted in the from e-mail.
(They have a special account for IMAP only).

Is there a way to enable SPF to allow such users to send mails thru
the SMTP? i know its in the grey area of mail relay, But SPF can
validate the authentication (in our case, LDAP vs Lotus Notes).

Thanks,
Eran.

Replies:

Posted By: Desperado
Date Posted: 23 July 2007 at 11:44am

Eran,

Here is what we do and it is not too "gray". We have a totally separate SpamFilter set up with the authentication set up (we use a standard UNIX password file). We instruct our mobile users to connect to that server using "SMTP-AUTH". Also, make sure the following line is in your INI file:

AddIncorrectAUTHLOGINEHLOEntry=1

This is because some services (Verizon for example) seems to send old style EHLO and this entry fixes it.

We then have that server forward directly to our normal outbound mail server to do the final delivery. The white / black lists are a little odd for this setup. The only settings we have are:

AllowedDomains.txt: The host name of our mail server ONLY. This satisfies the possible open relay problem but otherwise does nothing.

AllowedIPs.txt: Any IP's that will mail WITHOUT authentication

All other list are disabled. Our outbound server is then instructed to allow unconditional relay from the authenticated servers IP address.

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: ebzed
Date Posted: 23 July 2007 at 2:58pm

Thanks Dan, Works like a charm...

Any reason for a seperate SPF? and using the same one ?
(We are a single domain, with "small" traffic...)
Everything works ok with single SPF unless you have something
that will really convince me... 8-)

Thanks Again!,
Eran.

Posted By: Desperado
Date Posted: 23 July 2007 at 3:09pm

Eran,

In our network, as an ISP, we want to keep outside connections and customer connections separate so I have no compelling reason for you to change if it is working. What authentication type have you set up? (just curious).

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: WebGuyz
Date Posted: 23 July 2007 at 7:45pm

Desperado,

We do the same thing with an instance running auth. It works great except that we seem to have problems with Mac's authenticating. Also we had a customer running a client called Pegasus that would not talk to SFE auth properly and had to whitelist their IP. We usually have to whitelist offices where there are Mac's as well.

Thanks!

-------------
http://www.webguyz.net